On Thu, 2021-03-04 at 10:23 -0500, Alexander Bulekov wrote:
> On 210304 1843, Yan Zhiqiang wrote:
> > Hello Alex,
> > I'm learning the fuzzing in QEMU recently. I reviewed the fuzz code under
> > /tests/qtest/fuzz which is written by you.
> > I learned a lot from it, but I got stuck when I want to debug the fuzz code.
> > I use gdb with the command as follows:
> >
> > > gdb -q --args ./qemu-fuzz-i386 --fuzz-target=generic-fuzz-virtio-vga ./fuzz-output
> >
> > and set a breakpoint at generic_fuzz.c:generic_fuzz.
> > It actually stops when it hits the breakpoint. But the function argument Size
> > is zero and then it goes to _Exit(0). (tried many times but always the same)
>
> Hi Zhiqiang,
> Happy to have more people look at the fuzzing code.
> We run each input in a forked process. Maybe you need to run
> "set follow-fork-mode child" in gdb?
Hi Alex,

Just curious why you chose to use libFuzzer at first instead of AFL and its descendants like AFL++, since they use a forkserver by design, and the performance also seems better [1].

[1] https://www.fuzzbench.com/reports/2021-02-13-paper/index.html

Thank you.
Qiuhao Li
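The fork-per-input pattern Alex refers to, and why a gdb breakpoint on the per-input function seems to go nowhere, is easier to see in a minimal stand-alone program. The following is an added example written for this thread; it is not code from QEMU's tests/qtest/fuzz and simplifies the real harness. The toy "device" (process_input, device_state), the crash-on-0xff rule, and the decision to skip empty inputs without forking are all assumptions made for illustration. The child's state changes and crashes stay in the child, which is what gives every input a clean slate, and it is also why gdb, which follows the parent by default, never stops inside the child unless told `set follow-fork-mode child`.

```c
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the device/VM state a fuzz input mutates (hypothetical). */
static int device_state = 0;

/* Toy device model (hypothetical): folds the input into the state; a 0xff
 * byte models a bug that crashes the process. */
static void process_input(const uint8_t *data, size_t size)
{
    for (size_t i = 0; i < size; i++) {
        if (data[i] == 0xff) {
            abort();            /* the kind of crash the fuzzer is hunting for */
        }
        device_state += data[i];
    }
}

/* Run one input in a forked child and report the outcome to the parent:
 *   0..255       : child's exit status (here: resulting state & 0xff)
 *   128 + signo  : child terminated by a signal, i.e. it crashed
 *   -1           : fork/waitpid failure
 * The parent's own device_state is never touched by the child. gdb follows
 * the parent by default, so a breakpoint on process_input() only fires after
 * "set follow-fork-mode child" (the parent side only sees fork and waitpid). */
int run_input_forked(const uint8_t *data, size_t size)
{
    if (size == 0) {
        return 0;               /* assumption: empty inputs are skipped without forking */
    }
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        process_input(data, size);
        _Exit(device_state & 0xff);   /* never fall back into the parent's code path */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) {
        return -1;
    }
    if (WIFSIGNALED(status)) {
        return 128 + WTERMSIG(status);
    }
    return WEXITSTATUS(status);
}

/* Parent-side view of the state, to check that the child's changes did not
 * leak back across the fork. */
int parent_device_state(void)
{
    return device_state;
}

int main(void)
{
    static const uint8_t benign[] = {1, 2, 3};   /* constructed sample input */
    static const uint8_t crasher[] = {0xff};     /* constructed crashing input */

    printf("benign  -> %d (parent state still %d)\n",
           run_input_forked(benign, sizeof benign), parent_device_state());
    printf("crasher -> %d (128 + SIGABRT = %d)\n",
           run_input_forked(crasher, sizeof crasher), 128 + SIGABRT);
    return 0;
}
```

Run it under gdb with a breakpoint on process_input: with the default follow-fork-mode the breakpoint is never hit and the program simply prints both results; after `set follow-fork-mode child` gdb stops inside the child for the benign input and reports the SIGABRT for the crasher.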